svn commit: r432410 - in head/sysutils/screen: . files
Cy Schubert
cy at FreeBSD.org
Wed Jan 25 01:36:44 UTC 2017
Author: cy
Date: Wed Jan 25 01:36:42 2017
New Revision: 432410
URL: https://svnweb.freebsd.org/changeset/ports/432410
Log:
Circumvent a trivial root privilege escalation.
See:
https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
Reported by: Tim Zingelman <tez at pkgsrc.org>
Security: CVE not assigned yet
Modified:
head/sysutils/screen/Makefile
head/sysutils/screen/files/patch-screen.c
Modified: head/sysutils/screen/Makefile
==============================================================================
--- head/sysutils/screen/Makefile Wed Jan 25 00:34:08 2017 (r432409)
+++ head/sysutils/screen/Makefile Wed Jan 25 01:36:42 2017 (r432410)
@@ -3,6 +3,7 @@
PORTNAME= screen
PORTVERSION= 4.5.0
+PORTREVISION= 1
CATEGORIES= sysutils
MASTER_SITES= http://ftp.gnu.org/gnu/screen/ \
ftp://ftp.gnu.org/gnu/screen/ \
Modified: head/sysutils/screen/files/patch-screen.c
==============================================================================
--- head/sysutils/screen/files/patch-screen.c Wed Jan 25 00:34:08 2017 (r432409)
+++ head/sysutils/screen/files/patch-screen.c Wed Jan 25 01:36:42 2017 (r432410)
@@ -1,6 +1,21 @@
--- screen.c.orig 2017-01-17 11:28:29.397404660 -0800
-+++ screen.c 2017-01-18 04:54:50.874421000 -0800
-@@ -2222,7 +2222,7 @@
++++ screen.c 2017-01-24 17:31:24.342944000 -0800
+@@ -674,11 +674,14 @@
+ if (strlen(screenlogfile) > PATH_MAX)
+ Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+
++#if 0
++/* see https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html */
+ FILE *w_check;
+ if ((w_check = fopen(screenlogfile, "w")) == NULL)
+ Panic(0, "-L: logfile name access problem");
+ else
+ fclose(w_check);
++#endif
+ }
+ nwin_options.Lflag = 1;
+ break;
+@@ -2222,7 +2225,7 @@
pn2 = pn = p + padlen;
r = winmsg_numrend;
while (p >= buf) {
More information about the svn-ports-all
mailing list